The port of Lisbon is part of Portugal's critical infrastructure. It has now been revealed that Lockbit has hacked the port's controlling systems and is now demanding a ransom of $1,5 million.
As early as Christmas, the LockBit ransomware group launched a cyberattack on the Port of Lisbon Administration (APL), the third largest port in Portugal. According to the Portuguese government, the port is part of Portugal's critical infrastructure. Although the port of Lisbon is only the third largest in the country, it is one of the most important ports in Europe thanks to its strategic location and its services for cargo, container and cruise ships.
Successful hack - port still in operation
The operator of the port of Lisbon has until January 18.01.2023, 2 to pay the ransom (Image: BXNUMXB-CS).
The website of the company APL is currently not available. However, there was a brief message from APL via local media. In it, the operator assured that although one was a victim of the attack, the operation of the port would not be so badly affected that it would have to be closed.
The operator APL has not announced anything further about the LockBit attack, but it is clear that it is an attack with ransomware. Excerpts of the data from APL can be found on the Lockbit leak page. There you can see screenshots of documents. LockBit says they are financial reports, audits, budgets, contracts, cargo information, ship logs and crew details. Port documentation and various e-mail correspondence should also be included. The screenshots can be seen on the leak page, but their authenticity is of course open.
The classic countdown on the leak page indicates that LockBit plans to release the data on January 18, 2023 unless paid. As always, blackmailed companies also have the option of extending the countdown by 1.000 hours for $24.
LockBit blackmailer with a conscience?
The children's hospital attacked in Toronto receives the decryption software free of charge (Image: B2B-CS).
Almost simultaneously with the attack on the port of Lisbon, another group attacked a children's hospital in Toronto, Canada, using LockBit ransomware. As a so-called affiliate partner, the group used the ransomware and infrastructure from LockBit. For this, the smaller groups give a certain sum to LockBit. But even with this affiliate program for cyber gangsters, there seems to be some kind of agreement. It probably states that certain institutions must not be attacked. This includes children's hospitals.
Children's Hospital gets free decryption help
LockBit apologized for the attack, kicked the affiliate partner out of the cybergangster partner program and handed over the encryption keys to the hospital. The following text can be found on the leak page: “We sincerely apologize for the attack on sikkids.ca and are returning the decryptor for free. The affiliate who attacked this hospital broke our rules, is blocked and is no longer in our affiliate program.”
Editor/sel